[ 
https://issues.apache.org/jira/browse/RANGER-5072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhishek Kumar updated RANGER-5072:
-----------------------------------
    Fix Version/s: 2.6.0

> Bump org.apache.avro:avro from 1.11.3 to 1.11.4
> -----------------------------------------------
>
>                 Key: RANGER-5072
>                 URL: https://issues.apache.org/jira/browse/RANGER-5072
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>    Affects Versions: 2.5.0
>            Reporter: Basapuram Kumar
>            Assignee: Basapuram Kumar
>            Priority: Major
>             Fix For: 2.6.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
>  [CVE-2024-47561|https://nvd.nist.gov/vuln/detail/cve-2024-47561] 
> +Description of CVE+
> Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions 
> allows bad actors to execute arbitrary code. Users are recommended to upgrade 
> to version 1.11.4  or 1.12.0, which fix this issue.
>  
> To address the 
> [CVE-2024-47561|https://nvd.nist.gov/vuln/detail/cve-2024-47561] , suggesting 
> to bump-up from 1.11.3 to 1.11.4



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to